Autonomous Cars and Factory Settings: Keeping the Code and Drivers Safe on the Road
If you want a window into the future of data security challenges in the automotive space, consider the following story: Hackers were able to override the factory settings of a Jeep’s on-board digital systems last year, sending commands to the Cherokee’s dashboard functions and cutting its steering, brakes and transmission.
Luckily, as Wired reported, it was all just a series of experiments to illustrate the vulnerabilities inherent in today’s code-rich automobiles. The implications for the automotive industry, however, are significant as it turns toward an even more digitally dependent future.
With Business Insider predicting that 10 million self-driving cars will be on the road by 2020, fresh attention to anti-hacking measures in the next generation of vehicles has never been more important to both automakers and the drivers they serve.
Anti-Hacking in the Autonomous Car Space
Measures are under way to stop actors from getting into the factory settings of vehicles. The day after the Wired report hit the Internet, senators from Connecticut and Massachusetts rolled out details of their newly introduced Security and Privacy in Your Car Act. The legislation seeks to ensure that automakers safeguard critical vehicle systems against cybercriminals and calls for real-time hacking alert and response capabilities. The bill is currently under review.
Efforts are also under way in the private sector. According to Reuters, companies such as Uber are hiring data security experts. Uber is working on self-driving cars as the next phase for its on-demand fleets, and the company is onboarding experts to make sure those cars are protected against cybercriminals looking to get into the code.
Building Security Into Factory Settings
Beyond cybercriminals, car manufacturers are also concerned about owners seeking to penetrate and override factory settings in the digital space.
The reasons, as Cory Doctorow explained in The Guardian, are complicated and emerge from deep ethical considerations of how driverless cars would work. Would an owner want to bypass algorithms that solve ambiguous crash-related problems — perhaps to ensure that the least damage is done to the driver no matter the consequences to pedestrians and other cars?
If so, coders and security experts must look for potential exploits sooner rather than later. The automotive industry is highly disincentivized to have roads full of autonomous vehicles all operating under slightly different, user-modified rules.
Third-Party Partnerships to Secure the Digital Future
Layers of security make for robust protection against actors trying to break into a car’s system. A managed security services provider (MSSP) can help save on the costs of managing anti-hacking measures by up to 55 percent, according to experts at IBM. When it comes to vectors such as vulnerability testing, the MSSP is rapidly expanding its footprint in information technology verticals within the public sector.
As Government Technology pointed out, a huge part of the appeal a MSSP brings to large-scale projects — and the autonomous car sector, with its many players, shares this characteristic with public-sector efforts — is not just cost savings, but also the deep well of talent that third-party partnerships can supply.
As automakers plan a new, industrywide Multistate Information Sharing and Analysis Center squarely aimed at building out the knowledge base and expertise resources around data security in the car of tomorrow, the MSSP represents an avenue to best practices and deep-bench consultancy that should not be ignored.